From a5a9efd4d1995ef6d46dfab4e5b8aba9c5d114ef Mon Sep 17 00:00:00 2001
From: Florin Coras <fcoras@cisco.com>
Date: Tue, 5 Jan 2021 17:03:29 -0800
Subject: vcl session: switch to generic cert key apis

Remove the deprecated tls apis.

Type: improvement

Signed-off-by: Florin Coras <fcoras@cisco.com>
Change-Id: Ia1e12bd813671146f0aca22e83d04c23ac13e595
---
 src/vnet/session/application.c | 28 +++++-----------------------
 1 file changed, 5 insertions(+), 23 deletions(-)

(limited to 'src/vnet/session/application.c')

diff --git a/src/vnet/session/application.c b/src/vnet/session/application.c
index 20b0a9e137b..906a73e9d79 100644
--- a/src/vnet/session/application.c
+++ b/src/vnet/session/application.c
@@ -1320,26 +1320,6 @@ application_get_segment_manager_properties (u32 app_index)
   return &app->sm_properties;
 }
 
-clib_error_t *
-vnet_app_add_tls_cert (vnet_app_add_tls_cert_args_t * a)
-{
-  /* Deprected, will be remove after 20.01 */
-  app_cert_key_pair_t *ckpair;
-  ckpair = app_cert_key_pair_get_default ();
-  ckpair->cert = vec_dup (a->cert);
-  return 0;
-}
-
-clib_error_t *
-vnet_app_add_tls_key (vnet_app_add_tls_key_args_t * a)
-{
-  /* Deprected, will be remove after 20.01 */
-  app_cert_key_pair_t *ckpair;
-  ckpair = app_cert_key_pair_get_default ();
-  ckpair->key = vec_dup (a->key);
-  return 0;
-}
-
 static void
 application_format_listeners (application_t * app, int verbose)
 {
@@ -1706,8 +1686,10 @@ int
 vnet_app_add_cert_key_pair (vnet_app_add_cert_key_pair_args_t * a)
 {
   app_cert_key_pair_t *ckpair = app_cert_key_pair_alloc ();
-  ckpair->cert = vec_dup (a->cert);
-  ckpair->key = vec_dup (a->key);
+  vec_validate (ckpair->cert, a->cert_len - 1);
+  clib_memcpy_fast (ckpair->cert, a->cert, a->cert_len);
+  vec_validate (ckpair->key, a->key_len - 1);
+  clib_memcpy_fast (ckpair->key, a->key, a->key_len);
   a->index = ckpair->cert_key_index;
   return 0;
 }
@@ -1749,7 +1731,7 @@ vnet_app_del_cert_key_pair (u32 index)
 clib_error_t *
 application_init (vlib_main_t * vm)
 {
-  /* Add a certificate with index 0 to support legacy apis */
+  /* Index 0 was originally used by legacy apis, maintain as invalid */
   (void) app_cert_key_pair_alloc ();
   app_main.last_crypto_engine = CRYPTO_ENGINE_LAST;
   app_main.app_by_name = hash_create_vec (0, sizeof (u8), sizeof (uword));
-- 
cgit 1.2.3-korg